blog

Covid-19: Cyber Criminals Launch Their Own ‘Virus’

Written by Cyber Security Associates | Dec 13, 2020 5:00:00 AM

Executive Summary

Whilst the world is currently preoccupied with public health, cyber attackers have taken advantage of the vulnerable position many home workers are in and set about releasing their own ‘cyber virus.’

Both employers and employees need to be vigilant in protecting themselves as well as confidential company information. Here are a few top considerations for employers and employees to bear in mind to minimize the risk:

For Employees

Connect To Secure Wi-Fi And Regularly Change Login Details

Avoid being easy prey for cyber attackers by making sure your internet connection is secure and password-protected. Many people do not change their Wi-Fi login details from the default or change the name of their router which makes it easy for hackers to gain access and control. Regularly changing these details is a simple yet effective way to deter cybercriminals and prevent them from gaining access to sensitive data.

Practice Good Cyber Hygiene

Keep your devices secure by ensuring the anti-virus protection is up to date, most software will automatically update but it is important to manually check for any updates that you may have missed. Stick to secure and known connections with private login details such as your Wi-Fi router and avoid the temptation to use Bluetooth in a pubic place as it’s an easy way for hackers to connect to your device. Use multi-factor authentication on any accounts that have it available and make sure to follow your company’s guidelines on internet use and the use of your own work devices.

Watch Out For Phishing Emails

Responding to a cleverly crafted phishing email could be all it takes for an organisation to be overrun by a scam. Many cyber attackers will promise offers related to Covid-19 that seem too good to be true with urgent instructions from your boss or request login details with the aim to get staff to unwittingly download malware onto their device and company systems.

Avoid this by enabling multi-factor authentication on accounts that you control, and be sure it is in use for Office 365 email accounts to dodge any attempts from cybercriminals. If you have any doubts, independently contact the sender to verify the email before sharing any private data or sensitive financial information.

Immediately Report Lost Or Stolen Devices

Working away from the secure environments of an office building can increase the potential for the loss or theft of your devices. Make sure you immediately report any lost or stolen IT equipment that houses sensitive private data to your company to minimise the risk of fraudulent activity.

For Employers

Keep All Information Confidential

It goes without saying that confidential information needs to remain confidential so it pays to remind employees to take extra precautions now that they are outside of the office. Advise that any work-related emails, phone calls and video conferences that share sensitive information should remain private even whilst working from home. The same approach should also be applied to printed documents, any that would require shredding in the office should be subjected to the same precautions at home - or should avoid being printed in the first instance.

Set Up Remote Access

If you have members of staff who require regular remote access, make sure to get it assigned before any new devices are sent to them. It is more difficult to issue multifactor authentication tokens to offsite employees who are working remotely for the first time and to install similar technology without physical access.

Ensure Employees Do Not Use Personal Laptops For Work And Vice Versa

Whilst the lines of home and work life are blurred more than ever, it is important to remind employees to keep personal and work devices separate. They should not use company-issued laptops for personal use, or vice versa. The use of personal devices to access confidential and private data can create problems around document preservation matters and also add to the risk of a cyber attack.

Keep Emergency Contact Details Updated

In case of emergency or security breach, make sure to have a way to contact all employees to advise them of any next steps. This could be a simple phone number or another way to contact an employee outside of company systems. Should the organisation fall victim to an attack (malware, ransom, DDoS or other), communication with your employees will not be compromised. For key personnel or senior management, set up a group on a secure texting application such as Signal so that if the systems are down and email is unable, senior management will be able to communicate without fear from interception by cybercriminals.

Taking these key actions on board will help keep any business and employees secure when working from home. A combination of keeping technology updated with the latest anti-virus software, practising good cyber hygiene and regular employee training will ensure you continue to operate securely and smartly.

CSA provides businesses with the tools and knowledge to help defend and protect against cyber threats. If your business could benefit from cyber security training, why not enrol in one of our e-learning courses today? View our courses here.